Closed Bug 518492 Opened 15 years ago Closed 15 years ago

TM: fix and clarify incorrect STATUS_EXIT uses

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dvander, Unassigned)

References

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

patch
3.13 KB, patch
gal
: review+
Details | Diff | Splinter Review 
After bug 518258 I put an assertion in the LeaveTree deep-bail case that after bumping regs.pc:

> JS_ASSERT(regs->pc == innermost->pc);

This assert hit in the following tests:
/Users/dvander/mozilla/safemonkey/js/src/trace-test/tests/basic/testInterpreterReentry6.js
/Users/dvander/mozilla/safemonkey/js/src/trace-test/tests/basic/testInterpreterReentry7.js

The culprits are these two functions, respectively:
 > TraceRecorder::initOrSetPropertyByName
 > TraceRecorder::initOrSetPropertyByIndex

They are taking pre-state STATUS_EXIT snapshots. LeaveTree wants a post-state snapshot, so the assertion fails. Problem is, the interpreter coalesces JSOP_SETELEM and JSOP_POP pairs. If we take a post-state snapshot, it's after the JSOP_POP, and the assertion _still_ fails because LeaveTree's regs->pc adjustment doesn't do the same coalescing.

What happens right now: If |SetPropertyByBleh| deep-bails, the second call to LeaveTree will push a bogus value on the stack, like bug 518258. If there's a JSOP_POP it'll just get popped.

The easiest thing to do here is to fix when the snapshot is taken, then do a fixup in LeaveTree so we can have a working assertion, and comment on this craziness.

Any objections?
Summary: TM: Simplify or clarify STATUS_EXIT uses → TM: fix and clarify incorrect STATUS_EXIT uses
Comment on attachment 402511 [details] [diff] [review]
patch

Looks good to me. This is really bizarre behavior. The fusing of opcodes has bit us before.
Attachment #402511 - Flags: review+
Depends on: 519244
http://hg.mozilla.org/mozilla-central/rev/967eebe275bc
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
this isn't fixed 192, that changelog is for another patch that has the wrong bug number in it.
status1.9.2: beta1-fixed → ---
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: